Public sector 'UK's top target for malware attacks'

Posted by: Rachel Vardon4 Aug 15 - 9:30AM

The public sector is the UK's biggest target for malware attacks, according to a new study from information security and risk management firm NTT Com Security.

Having analysed more than six billion security attacks in 2014, NTT revealed that almost two in five malware attacks were against public sector organisations. Indeed, the public sector was three times more likely to be hit than the next most heavily targeted sector, insurance, which attracted more than one in eight malware attacks. Next came the media and finance sectors, both of which suffered almost a tenth of all attacks.

Stuart Reed, senior director for global product marketing at NTT Com Security, said public sector attacks are so high because of the value of data held by these organisations. Although the threat level naturally varies from one organisation to another, he explained that all public sector bodies hold information that would be valuable to hackers.

Finance remains a major global target

The UK figures were in stark contrast to the global trend. When results from all countries are taken into account, financial services firms – with 18 per cent of all attacks – were found to be most at risk.

While the UK's public sector was a particular target, the Global Threat Intelligence Report went on to reveal a sharp increase in worldwide attacks on business and professional services organisations. Attacks on these companies made up 15 per cent of all such incidents last year, up from nine per cent a year before. These businesses are typically seen as a soft target by hackers, but still a valuable one due to their connections with much larger organisations.

Mr Reed said the spike in incidents specifically involving business and professional services firms was particularly interesting: "It's possible that companies in this sector may not have the equivalent security resources and skills in-house that many other larger companies do, yet they potentially yield high value for attackers as both an end target and a gateway target to strategic partners."

Where are attacks coming from, and how are companies coping?

There is a commonly held view that the vast majority of hacking stems from China and Russia, but NTT's report suggests this is wide of the mark. In fact, more than half (56 per cent) of all attacks were traced back to IP addresses originating within the US.

Examining the top 20 vulnerabilities, researchers discovered that 17 resided within user systems, rather than on servers.

Three-quarters of vulnerabilities throughout all enterprise systems were more than two years old, while almost nine per cent were over ten years old.

Despite the scale of the threat from hackers, a significant proportion of organisations simply aren't taking sufficient steps to guard against it, with three in four having no incident response plan in place.

What's more, the study showed that relying on antivirus software is not enough to prevent damage from a cyber attack, as just 46 per cent of new malware was detected by these programs. Clearly, there is still much to be done in the fight against cyber criminals.